Malwarebytes: 36 Percent Increase in Cybersecurity Costs for Enterprises

The costs of cybersecurity threats has “dramatically increased” in the past few years, chewing through midsize companies that have seen security budgets increase by 36 percent.

That’s according to a new report published by Malwarebytes, which reveals a surge in cybersecurity investment, especially by U.S. companies. In a poll of 900 IT decision makers in Australia, Germany, the U.S., U.K., and Singapore, the report found the average midsize company was paying $1.8 million per year for cybersecurity.

See also: Survey Shows Execs May Not Be As Ready As They Think on Cybersecurity

The most common forms of cybercrime are phishing, ransomware, and spear phishing. On average, companies need to pay $290,000 per incident, rising to $420,000 in the United States. This may include getting specialists in to fix the issues or paying the ransom asked for by the hackers.

Cybersecurity is already suffering from a lack of talent and enterprises are continuing to move more of their core businesses online. Technologies like the Internet of Things (IoT) only expand the number of devices and portals that can be targeted by hackers, and inevitably as more come online, these malicious programs will become even more sophisticated in their attacks.

“The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today’s businesses, with a seemingly larger hit to security departments of mid-market enterprises,” said Marcin Kleczynski, Malwarebytes CEO.

“On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP, and reputation. We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions.”